Before we go any further, a brief look at what malware and firewalls actually are. "Malware" is short for malicious software and is the umbrella term for viruses, spyware, worms, Trojans and the like: any program designed to damage or take control of a stand-alone computer or a networked PC. Wherever the term appears below, it means exactly that, whichever family the specific sample belongs to.

Firewalls are pieces of software that run on servers, personal computers, OEM boxes and dedicated appliances. Their basic job is to monitor incoming, and sometimes outgoing, traffic to and from a network, host, appliance or other network element and to enforce a set of rules on it. Organisations deploy them first and foremost to raise their security baseline. There are plenty of firewalls available, commercial and open-source, and many of them are very good at their job.

It is a popular misconception that putting a firewall in front of a server lets the owner of the infrastructure or services behind it sleep soundly. Up to a point this is true. However, with the current spate of polymorphic web malware traversing the Internet, it is near impossible for traditional anti-virus vendors and most firewall manufacturers to keep up with the changing tactics of malicious hackers. In the last year alone, Stopthehacker.com has documented a 100% increase over the previous year in incidents of web-based malware affecting websites, hosters and e-businesses. That trend points straight at the fact that malware hosters constantly change their techniques so that they infect more systems every day.

Firewalls are not always effective. There are three scenarios in particular where they fall short.

First, the firewall cannot inspect enough incoming data to decide whether a stream is malicious or not. Malware hosters constantly try to chop malware into benign-looking packets to get it past stateful and stateless firewalls of various kinds. Modern firewalls are actually pretty good at catching this kind of behaviour, but only at the cost of complexity, memory and CPU load, because the traffic has to be buffered and reassembled before it can be judged.

Second, the firewall cannot determine the safety of incoming data no matter how much of it it inspects. Malware authors use readily available toolkits to generate polymorphic code; simply put, these toolkits churn out millions of different variants of one basic piece of malware, and a fixed signature matches only the variant it was written for. This is very hard to detect, and it is where traditional anti-virus vendors bite the dust.

Third, the firewall has no access to the incoming data at all. It can hardly be faulted for missing bad data it never sees. We have observed an uptake in "passive credential sniffing trojans".
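The first two scenarios above, in miniature. This is an added example written for this page, not code from Stopthehacker.com or from any firewall product; the byte signature, the sample page and the four-byte XOR wrapper are constructed for illustration and stand in for real malware indicators and real polymorphic toolkits. It shows a signature chopped across a packet boundary slipping past a packet-at-a-time matcher but not past a matcher that reassembles the stream, and the same payload re-encoded under fresh keys so that no fixed byte signature matches any of the variants.

```python
"""
Two firewall evasion patterns, reduced to a few functions:

1. A byte signature chopped across packet boundaries is invisible to a
   packet-at-a-time (stateless) matcher and visible only once the stream
   has been reassembled (stateful inspection, which costs memory and CPU).
2. A polymorphic wrapper re-encodes the same payload under a fresh key
   each time, so a fixed byte signature matches none of the variants.
"""
import os

# Constructed byte signature and sample page. Neither is a real malware
# indicator; both are illustrative only.
SIGNATURE = b"<script>eval(unescape("
SAMPLE_PAGE = (
    b"<html><body><h1>Welcome</h1>"
    + SIGNATURE + b"'%3c%69%66%72%61%6d%65%3e'))</script>"
    + b"</body></html>"
)


def packet_inspect(packets, signature=SIGNATURE):
    """Stateless inspection: each packet is examined on its own."""
    return any(signature in pkt for pkt in packets)


def stream_inspect(packets, signature=SIGNATURE):
    """Stateful inspection: buffer and reassemble the stream, then match."""
    return signature in b"".join(packets)


def split_across_boundary(payload, signature=SIGNATURE):
    """Fragment payload so the signature straddles a packet boundary.

    This is the evasion the post describes as chopping malware into
    benign-looking packets. The signature must occur in the payload.
    """
    idx = payload.find(signature)
    if idx < 0:
        raise ValueError("signature not present in payload")
    cut = idx + len(signature) // 2
    return [payload[:cut], payload[cut:]]


def _xor(data, key):
    """Repeating-key XOR; applying it twice with the same key is identity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload, key=None):
    """Return key || XOR(payload, key): a fresh variant per key.

    Every key byte keeps its high bit set, so every output byte is >= 0x80
    and no ASCII signature can survive in the encoded body. A real
    polymorphic toolkit also varies the decoder stub; this toy does not.
    """
    if key is None:
        key = bytes(b | 0x80 for b in os.urandom(4))
    if len(key) != 4 or any(b < 0x80 for b in key):
        raise ValueError("key must be 4 bytes with the high bit set")
    return key + _xor(payload, key)


def decode_variant(blob):
    """What the decoder stub on the victim side would do."""
    key, body = blob[:4], blob[4:]
    return _xor(body, key)


if __name__ == "__main__":
    frags = split_across_boundary(SAMPLE_PAGE)
    print("per-packet match :", packet_inspect(frags))   # False
    print("reassembled match:", stream_inspect(frags))   # True
    variants = [make_variant(SAMPLE_PAGE) for _ in range(3)]
    print("variants flagged :", [stream_inspect([v]) for v in variants])  # [False, False, False]
    print("all decode back  :", all(decode_variant(v) == SAMPLE_PAGE for v in variants))  # True
```

The reassembling matcher wins the first round only because it holds the whole stream in memory before matching, which is exactly the complexity and resource cost the post attributes to modern firewalls. Nothing in the byte-matching approach wins the second round: every variant decodes to the same page, yet no byte signature is shared with the original, which is why detection of polymorphic web malware has to look at what the content does rather than what it looks like.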